PFSense no internet
-
Good Day,
Hi. I am a newbie on using PFSense. Why i can't ping outside network on VLAN 10,11 and 50? I already assigned IP's on PFSense. But when i ping 1.1.1.1 from CS01, i can go through. I also done routing on CS01. The VLANs are also handled by CS01. I hope someone can help me resolve my issue. Please see images below for reference.
-
@mikeehendricks Are those other subnets being NATted? try changing the rule from “LAN Subnets” to “any” or an alias that includes the other networks.
-
@SteveITS I already change the source to "ANY", but still i can't ping outside from VLAN 11.
-
Check the rules in Firewall > NAT > Outbound. Either whatever you've added manually or the auto rules. Are there rules for those VLAN subnets?
-
@mikeehendricks Traceroute from VLAN10 to 1.1.1.1 and see how far you get.
-
@stephenw10 Here is my Outbout NAT config
-
@SteveITS As from vlan10/11, i could only get into 192.168.11.1, i could not get beyond that but when i ping 10.0.28.2 from VLAN 11, it go through.
-
@mikeehendricks said in PFSense no internet:
192.168.11.1
And that is CS01 correct, from your screen cap above? Is CS01 routing that subnet on to pfSense? Seems like it is not since there is no response from pfSense.
@mikeehendricks said in PFSense no internet:
when i ping 10.0.28.2 from VLAN 11, it go through
10.0.28.2 is the outside of CS01... So CS01 knows where that IP is, and can even answer because CS01 is 10.0.28.2.
Can you ping 10.0.28.1, the pfSense IP in 10.0.28.0/24? I would think not if CS01 isn't set up to route those subnets.
-
@SteveITS 10.0.28.1 is accessible from CS01. Is there any config that i can do to be able to access 10.0.28.1 from inside VLAN 10/11?
-
@SteveITS When i check the States of LAN rules, i can see the IP that im pinging inside VLAN 11, but on the PC it's still request timed out
-
@mikeehendricks Seems to me that CS01 is sending the packet to pfsense, but pfsense doesn't have a route back since those networks are not directly connected to it, they are behind CS01, right ?
Try to add a static route in pfsense, pointing to those networks behind CS01 with the next hop being 10.0.28.2 (Gi0/0) of CS01. I'm assuming that is a layer 3 switch ? You would also need to create a NAT in pfsense allowing those networks.
-
@mcury I already add a route from VLAN 10/11 to 10.0.28.2, and it works!
Thanks for your help! -
@mikeehendricks said in PFSense no internet:
Thanks for your help!
You are welcome, glad that it helped.
